15 May 2024

ROCC Signs on to Letter Urging Margrethe Vestager of the European Commission to Enforce the Data Portability Requirements of the Digital Markets Act

WASHINGTON, D.C. – On April 17, 2024, the Responsible Online Commerce Coalition (ROCC) signed on to a letter applauding Margrethe Vestager, the Executive Vice-President and Commissioner for Competition of the European Commission, for all the work that has been done thus far to ensure gatekeepers comply with the EU’s Digital Markets Act. ROCC signed alongside a coalition of business organizations to support global efforts to combat abuse of monopoly power by Big Tech gatekeepers like Amazon. The organizations also drew the attention of the Commissioner to the enforcement of data portability requirements that may go overlooked under the EU Digital Markets Act.

“We urge the Commission to prioritize this issue and dedicate resources to this effective and timely enforcement,” stated the letter. “Data Portability is not just a regulatory requirement; it is a key mechanism for empowering consumers and driving economic growth in the digital age, and the European Commission has a crucial role to play in ensuring the effective implementation of data portability requirements under the EU Digital Markets Act.”

Full text of the letter is available HERE and below:

Dear Madam Vice-President,

Today marks 40 days since the implementation deadline for gatekeepers to comply with

the EU’s flagship Digital Markets Act (DMA). Important steps have been taken by

gatekeepers in this time, and we applaud all of the work that has been done to level the

playing field and give consumers more choices, but there remain significant gaps to

address. We are writing to draw your attention to a critical area of non-compliance that

we fear might not receive the urgent attention that it deserves.

The organisations behind this letter (MyData Global, The Coalition for Online Data

Empowerment, and the Ethical Commerce Alliance) collectively represent hundreds of

organisations around the world that are seeking to empower individuals to take control of

their personal data online. The right to data portability, as enshrined within the GDPR, has

to date failed to deliver on its tremendous promise – we urge you not to allow the DMA to

become another missed opportunity.

Clear evidence of non-compliance

The DMA requires designated gatekeepers (Alphabet, Amazon, Apple, ByteDance, Meta,

Microsoft) to facilitate, free, continuous and real-time portability “of data that is provided

by the end-user or generated through the activity of the end user in the context of the use”

on their platforms. By enabling individuals to control their personal data and seamlessly

switch between digital services, data portability promotes competition, innovation, and

user autonomy in the digital ecosystem. This is a critical, but often overlooked aspect of

the DMA, which is essential to empowering consumers and fostering a common digital

market aligned with the human-centric principles of the European data strategy.

Since the DMA’s implementation deadline of 7 March 2024, there is ample evidence

that its data portability requirements have not been fully complied with. This presents

an urgent need for action by the Commission and the series of workshops held on

Gatekeeper compliance in early March was an excellent first step.

The Commission’s attention to these issues reflects increasing awareness among the

broad set of stakeholders committed to ethical and responsible data practices, that data

portability plays a pivotal role in realising the vision of a digital Europe that prioritises the

rights and interests of its citizens. Data portability empowers consumers by providing

them with greater control over their personal data, allowing them to choose the services

that best meet their needs and preferences. Moreover, data portability fosters

competition by lowering barriers to entry for new market entrants and encouraging

innovation through the development of new services and applications that leverage user

data responsibly. Failure to enforce the data portability requirements of the DMA risks

undermining the principles of fairness, transparency, and user empowerment that

underpin the European data strategy.

Urgent and robust action is needed

In light of these challenges, we call upon the European Commission to take decisive

action to enforce data portability requirements under the EU Digital Markets Act.

Specifically, we urge the Commission to:

1. Ensure Immediate Implementation of Authorization for Recurring Transfers:

All six gatekeepers must be compelled to implement tools that allow for extended

authorization of daily recurring downloads for up to one year, applied to all user

data across their Core Platform Services (CPS). While some have chosen to deliver

this functionality from the outset, there are some significant exceptions. To be

clear, this outcome should be viewed as an interim solution only, and the

Commission must therefore be prepared to initiate investigations and enforce

sanctions where gatekeepers fail to deliver this baseline level of compliance.

2. Provide Robust Oversight of Implementation and Usage:

The Commission must closely monitor how gatekeeper platforms operate data

portability tools, ensuring transparency and accountability in their deployment. If

developers from other services are unable to access the tools, then the tools are a

facade to mask non-compliance. Gatekeepers must not be allowed to hide behind

superficial privacy measures to evade their responsibilities; meaningful

enforcement and oversight are essential to safeguard user rights.

3. Demand Commitment to Continuous and Real-time Data Flow:

Gatekeeper platforms must commit to implementing Continuous and Real-Time

(C&RT) data portability mechanisms, ensuring a continuous flow of data that is

critical to its value and utility. No ifs, no buts. We urge the Commission to secure

firm commitments from the gatekeepers regarding the timeline for implementing

C&RT mechanisms to prevent indefinite delays. The gatekeepers must no longer

be allowed to discuss C&RT as if it is a hypothetical policy debate for the future – it

is a legal obligation that has been placed on them, and they are choosing not to


We recognise that data portability is not easy, and there are strong incentives for the

largest technology firms to delay its progress. It is a cost line for large data holders with

no immediate associated revenue. It also represents a threat to incumbent companies’

market power and associated profits. As a result, we do not expect significant

implementation of data portability requirements without meaningful enforcement by the

Commission. But that enforcement is necessary, and it will need to be robust.

Data portability is not just a regulatory requirement; it is a key mechanism for

empowering consumers and driving economic growth in the digital age, and the

European Commission has a crucial role to play in ensuring the effective implementation

of data portability requirements under the EU Digital Markets Act. We urge the

Commission to prioritize this issue and dedicate resources to its effective and timely


Thank you for your efforts to drive forward these critical changes that will transform EU

citizens’ relationship with their personal data for generations to come. We stand ready to

support and collaborate with the Commission in advancing the cause of data portability

and ensuring a fair and transparent digital future for all.


Eric Pol

Chairman of the Board

MyData Global

Tom Fish


Coalition for Online Data Empowerment (CODE)

Borja Santaolalla

Senior Advisor

Ethical Commerce Alliance (ECA)

Latest news